[X2Go-Commits] x2goclient.git - build-baikal (branch) updated: 4.0.1.1-14-g1a4504a
X2Go dev team
git-admin at x2go.org
Wed Jan 8 22:20:05 CET 2014
The branch, build-baikal has been updated
via 1a4504aefb145446c9011fb34743aa8535db3b7b (commit)
from 2053e46bfda54ca967f01e637576c65697427952 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 3 +++
httpbrokerclient.cpp | 30 ++++++++++++++++++++----------
httpbrokerclient.h | 2 ++
man/man1/x2goclient.1 | 3 +++
onmainwindow.cpp | 5 +++++
onmainwindow.h | 1 +
6 files changed, 34 insertions(+), 10 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index e069591..78908d6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low
+ Perform sanity checks on data that comes in from X2Go Servers.
Prohibit the execution of arbitrary code via the ~/.bashrc file.
(Fixes: #333).
+ + Add option --broker-cacertfile. Allow usage of non-system-wide
+ installed (self-signed) SSL certificate chains for https (SSL)
+ session broker connections. (Fixes: #311).
* Pull-in packaging changes from Debian.
[ Ricardo Díaz Martín ]
diff --git a/httpbrokerclient.cpp b/httpbrokerclient.cpp
index 6d16b7b..5bf9caf 100644
--- a/httpbrokerclient.cpp
+++ b/httpbrokerclient.cpp
@@ -21,6 +21,7 @@
#include <QTextStream>
#include <QFile>
#include <QDir>
+#include <QSslSocket>
#include "x2gologdebug.h"
#include <QMessageBox>
#include <QDateTime>
@@ -41,10 +42,6 @@ HttpBrokerClient::HttpBrokerClient ( ONMainWindow* wnd, ConfigFile* cfg )
QUrl lurl ( config->brokerurl );
if(lurl.userName().length()>0)
config->brokerUser=lurl.userName();
- /*
- * load self-signed / custome (root-)CA certificate
- * see. http://www.thomaskeller.biz/blog/2009/01/03/ssl-verification-with-qt-and-a-custom-ca-certificate/
- */
if(config->brokerurl.indexOf("ssh://")==0)
{
@@ -58,18 +55,31 @@ HttpBrokerClient::HttpBrokerClient ( ONMainWindow* wnd, ConfigFile* cfg )
else
{
sshBroker=false;
+
http=new QHttp ( this );
- if ( config->brokerurl.indexOf ( "https://" ) ==0 )
+
+ if ( config->brokerurl.indexOf ( "https://" ) ==0 ) {
+ if ((config->brokerCaCertFile.length() >0) && (QFile::exists(config->brokerCaCertFile))) {
+
+ sslSocket = new QSslSocket(this);
+ connect ( sslSocket, SIGNAL ( sslErrors ( const QList<QSslError>& ) ),this,
+ SLOT ( slotSslErrors ( const QList<QSslError>& ) ) );
+ http->setSocket(sslSocket);
+ sslSocket->addCaCertificates(config->brokerCaCertFile, QSsl::Pem);
+ x2goDebug<<"Custom CA certificate file loaded into HTTPS broker client: "<<config->brokerCaCertFile;
+
+ } else {
+ connect ( http, SIGNAL ( sslErrors ( const QList<QSslError>& ) ),this,
+ SLOT ( slotSslErrors ( const QList<QSslError>& ) ) );
+ }
http->setHost ( lurl.host(),QHttp::ConnectionModeHttps,
lurl.port ( 443 ) );
- else
+ } else {
http->setHost ( lurl.host(),QHttp::ConnectionModeHttp,
lurl.port ( 80 ) );
-
+ }
connect ( http,SIGNAL ( requestFinished ( int,bool ) ),this,
SLOT ( slotRequestFinished ( int,bool ) ) );
- connect ( http,SIGNAL ( sslErrors ( const QList<QSslError>& ) ),this,
- SLOT ( slotSslErrors ( const QList<QSslError>& ) ) );
}
}
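Review bot: The return value of `sslSocket->addCaCertificates(...)` is discarded in the custom-CA branch, so the "Custom CA certificate file loaded" debug line is printed even when the file contains no parsable PEM certificate. Likewise, when `--broker-cacertfile` names a path that does not exist, the `QFile::exists` test falls through to the `else` branch without telling the user that the CA they asked for is not in use; verification then rests on the default CA store and whatever `slotSslErrors` decides. I would report both failures, e.g. `if (!sslSocket->addCaCertificates(config->brokerCaCertFile, QSsl::Pem)) x2goDebug<<"Failed to load CA certificates from: "<<config->brokerCaCertFile;`, plus a similar message when the option is set but the file is missing. The constructor begins before this hunk, so any earlier handling is not visible here.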
@@ -520,7 +530,7 @@ void HttpBrokerClient::slotSslErrors ( const QList<QSslError> & errors )
QSslCertificate cert;
for ( int i=0; i<errors.count(); ++i )
{
- x2goDebug<<"sslError ,code:"<<errors[i].error() <<":";
+ x2goDebug<<"sslError, code:"<<errors[i].error() <<":";
err<<errors[i].errorString();
if ( !errors[i].certificate().isNull() )
cert=errors[i].certificate();
diff --git a/httpbrokerclient.h b/httpbrokerclient.h
index 78218dc..fc4115d 100644
--- a/httpbrokerclient.h
+++ b/httpbrokerclient.h
@@ -22,6 +22,7 @@
#include <QBuffer>
#include <QObject>
#include <QDateTime>
+#include <QSslSocket>
#include "sshmasterconnection.h"
/**
@author Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
@@ -43,6 +44,7 @@ private:
QBuffer httpCmdAnswer;
QBuffer httpSessionAnswer;
QHttp* http;
+ QSslSocket* sslSocket;
int sessionsRequest;
int selSessRequest;
int chPassRequest;
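Review bot: `sslSocket` is a raw pointer member that the constructor hunk in httpbrokerclient.cpp assigns only on the https path with an existing CA file, so on the ssh:// and other http(s) paths it appears to be left uninitialised. Unless the constructor's initialiser list (outside the hunks shown) already sets it, add `sslSocket = NULL;` before the broker URL is examined so later code can test the pointer safely. A comment on the declaration such as `// set only when a custom broker CA file is in use; parented to this` would document its lifetime. The class body continues beyond this hunk.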
diff --git a/man/man1/x2goclient.1 b/man/man1/x2goclient.1
index 9eb69ae..8f77f87 100644
--- a/man/man1/x2goclient.1
+++ b/man/man1/x2goclient.1
@@ -106,6 +106,9 @@ In case you want to retrieve \fBx2goclient\fR session profiles from an X2Go Sess
\*(T<\fB\-\-broker-url=<URL>\fR\*(T>
Specify the <URL> of the X2Go Session Broker. X2Go Client can access http:// and ssh:// style URLs.
.TP
+\*(T<\fB\-\-broker-cacertfile=</path/to/cafile.crt>\fR\*(T>
+Specify a special (self-signed) root-CACert file that shall get used when connecting to an X2Go Session Broker via https (SSL).
+.TP
\*(T<\fB\-\-broker-noauth\fR\*(T>
The X2Go Session Broker is accessible without authentication.
.TP
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 3036ecd..d0a3108 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -6597,6 +6597,11 @@ bool ONMainWindow::parseParameter ( QString param )
config.brokerurl=value;
return true;
}
+ if ( setting == "--broker-cacertfile")
+ {
+ config.brokerCaCertFile=value;
+ return true;
+ }
if ( setting == "--broker-ssh-key")
{
config.brokerSshKey=value;
diff --git a/onmainwindow.h b/onmainwindow.h
index 70504d2..7e1d02c 100644
--- a/onmainwindow.h
+++ b/onmainwindow.h
@@ -168,6 +168,7 @@ struct ConfigFile
bool brokerAutologin;
bool brokerAutologoff;
QString brokerSshKey;
+ QString brokerCaCertFile;
QString iniFile;
QString server;
QString serverIp;//Can be different from server (use for loadballancing)
hooks/post-receive
--
x2goclient.git (X2Go Client)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).